How would you feel about naked passwords?
#1
On most websites, including this one, when you enter your password the characters you type aren't displayed--they're depicted by asterisks or dots.

That's for "security reasons" so that anyone looking over your shoulder won't be able to see your password.

But it's not very friendly from a user interface point of view. And how many times are people looking over your shoulder trying to nab your SuprBay password anyway? And if they're that desperate they could watch your fingers anyway to see what keys you were pressing.

Wouldn't it be easier for you if the password field displayed the characters as you type them just like normal text entry fields? And wouldn't it truthfully be no significant reduction in security at all?

[Incidentally, I've looked at ways of giving you a real-time choice, but that's not as simple as you would think.]

I'm not sure I'll change anything but I'm interested to know what you think about it for SuprBay in particular but also for the web in general.
Reply
#2
i don't think it would make much of a difference in regards to difficulty since i rarely look at my keyboard anyway (i will however admit that having the password obscured does greatly reduce my drunken postings); but as far as security goes, i'm not sure. i keep my disk encrypted so, if someone were to get access to my computer, hopefully they'd be locked out... but i doubt that their intention would be to gain acess to my suprbay password.

edit-

also, it's probably also way easier to just have the password hidden than it is to establish a healthy sense of trust in a relationship especially when your other half's level of normalcy is slightly crazy.
Reply
#3
Personally I prefer naked passwords but I wouldn't recommend making that the default.

-It's unconventional and breaking convention is best avoided without good reason.
-A combination of password reuse and public computers/locations could make this dangerous.
-Some people probably think that the hidden password is more than just a mask and would freakout.

Why can't you just use a "show pass" checkbox like shown here:
http://stackoverflow.com/questions/13831...xt-control
Reply
#4
(Nov 07, 2013, 07:18 am)slicedt Wrote: -It's unconventional and breaking convention is best avoided without good reason.

That's part of the reason it's an interesting concept--it's a particularly bad convention, and there are good reasons to break it.

It arose in the era of shared computers* It's now far more common for people to have their own computers/computing devices, and many of those have quite small screens. It's harder to type on a small format device (increasing the chance of data entry errors, made worse by not being able to see what you're typing) and much less likely that anyone will be able to see what you're typing. It's a usability sacrifice with little real security benefit which quite possibly actually reduces security by effectively encouraging the use of simpler passwords.

Showing the password entry in clear text by default, with an option to mask it for the minority of situations where that is required is arguably the most sensible implementation.



* Even then, it's effectiveness was open to debate. People who can see your screen can see your fingers, and make a pretty damn good stab at guessing what you type. Particularly since, not being able to see what you're typing, you're more likely to choose simpler passwords to minimize the mistakes you make.
Reply
#5
Depends on what the use of the account is, 99% of the places i have to type in a password it is pointless to have it masked. However when i am logging into systems that give me access to over a million people's ssns, dobs, names, etc then i think it any extra masking you can have the better.
Reply
#6
At this point it dont matter.
After years of not seeing what we are typing, Im sure we all found ways to work around it.
I for one use a text then copy paste my pass.
Works for me. Smile
Reply
#7
I think a really effective password style is like what the Ipad's have, as you type it displays the character you just typed and when you input the next character the last one gets the astrik and the new one is displayed. Or the way windows 8 has it where you type and if you need to see it you can click on the little eye icon and it displays what you typed in. This way you still have the security but the friendlyness so others dont keep making the mistakes when entering passwords. I have entered the wrong password before over and over again and then realized that my caps were on. some keyboards have a little light to show this but I have a cordless keyboard and it does not show any lights to indicate that caps or number lock is activated.
Just my thoughts on the subject but I appreciate your williness to improve the site and the open mind to want feedback from your users.
Keep up the great work!
(PITBULL)
Reply
#8
(Nov 07, 2013, 07:41 am)NIK Wrote: Showing the password entry in clear text by default, with an option to mask it for the minority of situations where that is required is arguably the most sensible implementation.

It doesn't make a huge difference to me but I would argue the opposite. Ignoring mobile for a second, the people who benefit from unmasked passwords are people with limited typing skills (can I assume this is usually the case?). Usually, these are general users with less technical know-how. People are used to the mask and those that don't understand it could have understandable (though misplaced) concerns. TPB has reached a level of usability that allows even people with quite low computer literacy to torrent. And since downloading media is a controversion and legally messy issue at the moment, something like visible passwords might be somewhat frightening.

I don't think it'd actually be a major issue or would cause too many problems but it does seem slight backwards imo. The convention is that the password is masked. We expect that. It's unlikely most people would remember to check the box when they actually need to since it would be the only website (that I know of) that does it that way.

Now, mobile is a different story.

(Nov 08, 2013, 01:58 am)PITBULL Wrote: I think a really effective password style is like what the Ipad's have, as you type it displays the character you just typed and when you input the next character the last one gets the astrik and the new one is displayed. Or the way windows 8 has it where you type and if you need to see it you can click on the little eye icon and it displays what you typed in. This way you still have the security but the friendlyness so others dont keep making the mistakes when entering passwords. I have entered the wrong password before over and over again and then realized that my caps were on. some keyboards have a little light to show this but I have a cordless keyboard and it does not show any lights to indicate that caps or number lock is activated.
Just my thoughts on the subject but I appreciate your williness to improve the site and the open mind to want feedback from your users.
Keep up the great work!
(PITBULL)

If I'm not mistaken, on most mobile web browsers, a text field marked as a password field automatically unmasks the last letter typed (just tested it on chrome for android with this site). So that solves that issue, providing all mobile browsers support it. By seeing the last letter, you can usually avoid mistakes.

It could also be an interesting solution for non-mobile browsing as PITBULL suggested. And if you aren't worried about ie6 compatibility and such, I can't imagine it'd be that hard to implement. Granted, I have no idea how.
Reply
#9
(Nov 06, 2013, 01:13 am)NIK Wrote: [Incidentally, I've looked at ways of giving you a real-time choice, but that's not as simple as you would think.]

not having a choice to display the characters seems better than not having a choice to hide the characters.
Reply
#10
Don't display any passwords.And i like to see the system it'self let force the users to create a more complex password at the time of registering. A password combined with upper,lowercase letters ,numbers and symbols is more recommended.
Reply




Users browsing this thread: 2 Guest(s)